Re: IPsec is very broken...

2014-11-21 Thread Bjoern A. Zeeb
On 20 Nov 2014, at 21:35 , John-Mark Gurney wrote: > The first major issue I ran across was transport mode... ae@ has been > nice enough to get ICMP working in transport mode for IPv4 and IPv6, > but it looks like TCP is still broken. I haven't tested UDP yet... > So, IPsec even w/o crypto is f

Re: IPsec is very broken...

2014-11-20 Thread John-Mark Gurney
Andrey V. Elsukov wrote this message on Fri, Nov 21, 2014 at 01:20 +0300: > On 21.11.2014 00:35, John-Mark Gurney wrote: > > As I'm about to commit my AES-GCM work, I've been trying to do > > some testing to make sure I didn't break IPsec. > > > > The first major issue I ran across was transport m

Re: IPsec is very broken...

2014-11-20 Thread Andrey V. Elsukov
On 21.11.2014 00:35, John-Mark Gurney wrote: > As I'm about to commit my AES-GCM work, I've been trying to do > some testing to make sure I didn't break IPsec. > > The first major issue I ran across was transport mode... ae@ has been > nice enough to get ICMP working in transport mode for IPv4 an

IPsec is very broken...

2014-11-20 Thread John-Mark Gurney
As I'm about to commit my AES-GCM work, I've been trying to do some testing to make sure I didn't break IPsec. The first major issue I ran across was transport mode... ae@ has been nice enough to get ICMP working in transport mode for IPv4 and IPv6, but it looks like TCP is still broken. I haven